I have some web pages that I try to debug. The html page invokes a shtml file, which invokes an executable, and the exe generates some html. Here is one of the shtml <html> <body> <!--#exec cgi="dice.exe?1"--> </body> </html> Here is the error when the script is execut...more >>

Hello All, I have recently had the pleasure of installing Norton Internet Security 2005 and finding that I can no longer create or open a web-based application in Visual Studio .Net. The IDE just freezes. I tried fiddling with the configuration settings of the Norton Firewall but was not ...more >>

Our OWA front end servers that are in DMZ have Verisign certificates and users login using only SSL authentication. In this situation can we safely have normalizeUrlBeforeScan=0 since no other attacker could login to OWA server to view the URL of our domain/directories. Ofcourse one within ...more >>

hi all, Just installed IIS on my XP pro box and decided to run the IIS lockdown tool, all seemed to go fine but I got the following in the report at the end: .. .. .. Warning: Unable to secure content (C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe): Access is denied. Warning: Unable to sec...more >>

Hi I have IIS 6.0 and URLscan 2.5. In IIS 6.0 there is no need to include characters we need to block under 'denyurlsequences'. this is frustrating because I can't remove/add to this list. In IIS 6.0 where does the application store denyurlsequences list so i can modify? I want to remove...more >>

Hi I'm trying to test out how to use SSL in my web site but I'm having problems getting the test SSL certificate installed. I've installed Certificate Services on a server, downloaded and installed the root certifiacte to my laptop (where I'm developing the web site). I've created a certifi...more >>

Hi all, we have run into an interesting issue. We have a domain user account that has been denied the right to log on locally. Now, we have 2 servers, 1 running iis 5 & 1 running iis 6. Both servers have a ftp site to which we need this particular domain user account to be able to login. What ...more >>

Hi all, we have a iis5 box that has a website running over ssl and has client cert mapping enabled mapped to a local user account. Everything was working OK. We recently moved the box to a domain environment and switched the mapped user account from a local account to a domain account and now ...more >>

I'm having a problem connecting anonymously to an IIS6 Web Server. - Server is Windows 2003, IIS6 - Server is a domain controller - IUSR_SERVERNAME account has permissions to access c:\wwwroot - IUSR_SERVERNAME account is a member of IIS_WPG - IUSR_SERVERNAME account has permission to log on ...more >>

Friends, We have IIS 6.0 and installed URLSCAN 2.5. In URLscan.ini [DenyUrlSequence] is empty. We couldn't open any messages that has "+" in the subject field. Not jeopardizing other characters/symbols, how i can include just "+" in url I checked the log file and it says "URL normaliz...more >>

Hello Microsoft, You always have the answers Please take the time to read and respond to this. Please help me with this; I'm a network administrator with an account lockout problem. We have an ISS domain account which has administrative permissions to all the machines on the network. The ...more >>

I have a DNS server. In the windows security log, the anonymous user (IUSR_<server name>) is recorded as logging on/off numerous times each day...at all hours of the day and night. These logons do not coincide with anything I see in the IIS log. Not knowing a whole lot about IIS, is this norma...more >>

We're running IIS 6.0 on our company intranet, and I am building a subsite for our team using ASP. I want to capture the username of the person hitting any given webpage (so I can dynamically determine which links a user sees). I am aware that we'll need to turn off Anonymous login, and enab...more >>

My organization is moving from IIS 5 on a Windows 2000 server to a new Windows 2003 Server with IIS 6. My plan was to use the IIS Migration tool, however, higher ups have decdided to basically recreate the sites on the 2003 server and copy the inetpub info from the 2000 server to the 2003 ser...more >>

We have a IIS 6 running on Server 2003 configured for anonymous. When external clients visit the web site they are presented with a log in box. This seems to only be happening with users on Windows 98 or below. Simply clicking OK without entering any information allows them to continue. ...more >>

Hi, as posted before we had the strange behaviour, that when posting data within an intranet application from one asp page to another the request data (formfields, ...) was lost. Conditions, under which the problem occurs: * Server: Windows Server 2003 with IIS 6.0 * Web-Authentication: an...more >>

Hei, I installed CRM on the Windows Server 2003 on three box for 100 users. A: 1 for Active Directory Domain controler (ADSRV) B: 1 for SQL 2000 + CRM Server ver 1.2 (CRMSRV) C: 1 for Exchange Server 2003 (EXSRV) i have one problem that when i type http://crmwebsite o...more >>

When integrated windows authentication is enabled in IIS, I found that the latest versions of Gecko-based browsers (Netscape 7.2, Mozilla 1.7, Firefox) now prompt for user's credentials. The interesing thing is, I don't need to specify "domain\" part of the username. It works with or without i...more >>

Greetings, I'm running into a problem with IIS 6/ASP.NET user permissions for a site. To my knowledge, only "IUSR_SERVER" and "ASP.NET Machine Account" accounts are required on the application to run via the web. However, this is not the case for this particular application, which is creat...more >>

New to security, been reading some articles, but some help would be appreciated. I am setting up a web server, what is the best way to protect it? Setup another machine that acts as a firewall, (do not really know what this means) or just run a firewall on the same machine. If set up on a...more >>

Using company cert server (w2k) and having just renewed the annual - on several clients (XP SP2), now receive dialog that warns the cert is expired (view cert in this dialog and it is the old one). Click through to get access. Check internet options and only the new cert is availailable......more >>

I have a site that is now SSL secured. User not still using the http:// to get to the site. How can I redirect the user the the visited page using https:// ? ...more >>

I have a web server (Windows 2003 IIS6) that is joined into our domain. I have it setup with Windows Integrated Auth. and have also tried Digest and Basic. I cannot get the webserver to authenticate the accounts to theh domain. Everytime you try to login to a web page with a domain usernam...more >>